On Thu, 7 Apr 2005, Eric A. Hall wrote:
> This setup works if you know the server is the last resort for your
> local clients. It doesn't work as a default install unless you are
> also willing to scream warnings about changing the defaults every time
> named.conf is modified for local use.
Would you really have to scream? I.e. named (at least on redhat) comes with something like:

zone "localhost" IN {
        type master;
        file "localhost.zone";
        allow-update { none; };
};

$TTL    86400
$ORIGIN localhost.
@                       1D IN SOA       @ root (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                        1D IN NS        @
                        1D IN A         127.0.0.1

How many admins mess with that? Unless they had reason to (i.e. maybe they use some 1918 space internally and want to set up DNS for it), I doubt that they'd remove similar zone entries intended to be a sink for RFC1918 PTR queries.
> Besides which, you'd really prefer to have an internal filter kill the
> queries before they are sent to the root (as part of chasing down the
> delegation chain), or before it was sent to the authoritative servers
> for in-addr.arpa. (if such was already learned), rather than make users
> remember to change the configuration file.
Defining the zones locally keeps their queries from getting to the root/in-addr.arpa servers. I think I agree with you on losing the * entry, and just letting it return nxdomain.

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
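The sink-zone approach the thread settles on (local zones for the RFC 1918 reverse space, no wildcard, NXDOMAIN for everything but the SOA/NS) is easy to get slightly wrong by hand, especially for 172.16/12, which does not sit on an octet boundary and needs sixteen separate /16 reverse zones. The script below is an added example, not code from the mailing-list post or from Red Hat's named package. It generalizes from the single localhost zone quoted above: given any CIDR prefix it computes the minimal set of in-addr.arpa zones on octet boundaries, emits named.conf stanzas in the same style as the quoted "localhost" zone, writes an empty zone file (SOA and NS only, so every PTR name inside it returns NXDOMAIN), and offers a check that tells you whether a PTR query for a given address would be answered by one of these local sink zones or would instead be sent off toward the roots. The zone-file name "empty.zone", the NS name "localhost.", and the SOA timer values are assumptions for illustration.

```python
"""Generate BIND 'sink' zones for RFC 1918 reverse lookups.

Added example, not from the original post. Declaring these zones locally
with only SOA/NS records makes the local named answer NXDOMAIN for any
private-address PTR query instead of forwarding it to the root or
in-addr.arpa servers. Assumed: BIND-style named.conf, and a zone file
named "empty.zone" installed beside it (name is a placeholder).
"""
import ipaddress
from typing import List, Optional

# The three RFC 1918 private prefixes (from the RFC, not from the post).
RFC1918 = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def reverse_zones(cidr: str) -> List[str]:
    """Split an IPv4 prefix into in-addr.arpa zones on octet boundaries.

    A /8, /16 or /24 maps to a single zone. A prefix between octet
    boundaries, such as 172.16.0.0/12, is expanded to the covering
    /16 zones: 16.172.in-addr.arpa through 31.172.in-addr.arpa.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    octets = -(-net.prefixlen // 8)          # ceil(prefixlen / 8)
    if octets == 0:
        raise ValueError("a /0 has no reverse zone")
    zones = []
    for sub in net.subnets(new_prefix=octets * 8):
        labels = str(sub.network_address).split(".")[:octets]
        zones.append(".".join(reversed(labels)) + ".in-addr.arpa")
    return zones


def all_sink_zones() -> List[str]:
    """Every reverse zone needed to cover the RFC 1918 space."""
    return [z for cidr in RFC1918 for z in reverse_zones(cidr)]


def empty_zone_file(ns: str = "localhost.") -> str:
    """Zone file holding only SOA and NS, so any other name is NXDOMAIN.

    Deliberately no '*' wildcard PTR, per the thread's conclusion.
    Serial and timer values are constructed placeholders.
    """
    return "\n".join([
        "$TTL 86400",
        "@       IN SOA  %s root.%s (" % (ns, ns),
        "                1       ; serial",
        "                3H      ; refresh",
        "                15M     ; retry",
        "                1W      ; expiry",
        "                1D )    ; minimum",
        "        IN NS   %s" % ns,
        "",
    ])


def named_conf_stanzas(zone_file: str = "empty.zone") -> str:
    """named.conf fragment declaring each sink zone as a local master."""
    stanzas = []
    for zone in all_sink_zones():
        stanzas.append(
            'zone "%s" IN {\n'
            "        type master;\n"
            '        file "%s";\n'
            "        allow-update { none; };\n"
            "};\n" % (zone, zone_file)
        )
    return "\n".join(stanzas)


def sink_zone_for(ip: str) -> Optional[str]:
    """Return the local sink zone that owns ip's PTR name, or None.

    None means a PTR query for this address is not covered locally and
    would be resolved normally (i.e. could reach the root servers).
    """
    ptr = ipaddress.ip_address(ip).reverse_pointer  # e.g. 3.2.1.10.in-addr.arpa
    for zone in all_sink_zones():
        if ptr == zone or ptr.endswith("." + zone):
            return zone
    return None


if __name__ == "__main__":
    print(named_conf_stanzas())
    print(empty_zone_file())
    for probe in ("10.1.2.3", "172.20.0.1", "172.32.0.1", "192.168.5.9"):
        print(probe, "->", sink_zone_for(probe) or "NOT sunk locally")
```

Running it prints the eighteen zone stanzas and the shared empty zone file; the probe loop shows why the /12 matters: 172.20.0.1 is caught by 20.172.in-addr.arpa, while 172.32.0.1 (just outside the RFC 1918 range) is not sunk and resolves normally.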